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Foreword 

This Technical Specification (TS) has been produced by the 3 rd Generation Partnership Project (3GPP). 

The contents of the present document are subject to continuing work within the TSG and may change following formal 
TSG approval. Should the TSG modify the contents of the present document, it will be re-released by the TSG with an 
identifying change of release date and an increase in version number as follows: 

Version x.y.z 

where: 

x the first digit: 

1 presented to TSG for information; 

2 presented to TSG for approval; 

3 or greater indicates TSG approved document under change control. 

y the second digit is incremented for all changes of substance, i.e. technical enhancements, corrections, 
updates, etc. 

z the third digit is incremented when editorial only changes have been incorporated in the document. 
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1 Scope 

The present document specifies the transmission protocol to be used to communicate with the USAT Interpreter and the 
administrative structures and procedures to administer the USAT Interpreter. 

The present document does not specify any USAT Interpreter byte code commands. 



2 References 

The following documents contain provisions which, through reference in this text, constitute provisions of the present 
document. 

• References are either specific (identified by date of publication, edition number, version number, etc.) or 
non-specific. 

• For a specific reference, subsequent revisions do not apply. 

• For a non-specific reference, the latest version applies. In the case of a reference to a 3GPP document (including 
a GSM document), a non-specific reference implicitly refers to the latest version of that document in the same 
Release as the present document. 



[1] 3 GPP TS 31.1 12: "USAT Interpreter Architecture Description; Stage 2" 

[2] 3GPP TS 31.1 13: "USAT Interpreter Byte Codes" 

[3] 3GPP TS 23.048: "Security Mechanisms for the (U)SIM Application Toolkit; Stage2" 

[4] 3GPP TS 31.1 1 1: "USIM Application Toolkit (USAT)" 

[5] ISO/IEC 7816-6 (1995): "Identification cards - Integrated circuit(s) cards with contacts, Part 6: 

Inter-industry data elements" 

[6] 3GPP TS 23.040: "Technical realization of the Short Message Service (SMS)" 

[7] 3GPP TS 23.038: "Alphabets and language-specific information" 

[8] 3GPP TS 24.01 1 : "Point-to-Point (PP) Short Message Service (SMS) support on mobile radio 

interface". 

3 Definitions and abbreviations 
3.1 Definitions 



For the purposes of the present document, the following terms and definitions apply: 

Access Mode: A Gateway Selector System consists of up to 3 different logical separate Gateway Selectors to handle 
the different modes of access. The specified modes of access are Operational Pull, Operational Push and Administrative 
access. 

Application Message: The package of commands or data sent from the Sending Application to the Receiving 
Application, or vice versa, independently of the transport mechanism. An Application Message is transformed with 
respect to a chosen Transport Layer and chosen level of security into one or more secured packets. 

Configuration: A collection of parameters to be used by the USAT Interpreter for the TAR value assigned to that 
configuration, like keys to be used, counters to be used, Access Node address, Security Node address, security 
parameters etc. 

Configuration Set: A set of up to 16 configurations assigned to an access mode. 
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Gateway: A network program that translates from a source language to the US AT Interpreter byte codes. The gateway 
resides between the application provider's server that contains pages written in the source language and a card 
containing the USAT Interpreter that will render these pages. 

Secured Packet: The information flow on top of which the level of required security has been applied. An Application 
Message is transformed with respect to a chosen Transport Layer and chosen level of security into one or more Secured 
Packets. 

Sending Application: The entity generating an Application Message to be sent. For the present document the Sending 
Application is the USAT Interpreter or the Gateway. 

Sending Entity: This is the entity from which the Secured Packet is sent and where the security mechanisms are 
invoked. The Sending Entity generates the Secured Packets to be sent. For the present document the Sending Entity is 
the USAT Interpreter Security Functionality or the Security Node. 

Receiving Entity: This is the entity where the Secured Packet is received and where the security mechanisms are 
utilised. The Receiving Entity processes the Secured Packets. For the present document the Receiving Entity is the 
USAT Interpreter Security Functionality or the Security Node. 

USAT Command: A proactive USIM Application Toolkit command as specified in TS 31.1 1 1 [4]. 

USAT Interpreter Command: A byte code command for the USAT Interpreter as specified in TS 31.113 [2]. 



3.2 



Abbreviations 



For the purposes of the present document, the following abbreviations apply 



MAC 
MSB 
O 



URL 

USAT 

USIM 



SPI 

TAR 

TLV 

UE 

UI 

UIO 



PoR 
RC 
RFU 
SMS 



CNTR 

DES 

DCS 

DS 

GO 

ID 

KIc 

KID 

M 



BER 
C 

CBC 
CC 



SMS-PP 



Cfg 



UI-TLV 



Basic Encoding Rules 

Conditional 

Cipher Block Chaining 

Cryptographic Checksum 

Configuration 

Counter 

Data Encryption Standard 
Data Coding Scheme 
Digital Signature 
Gateway Originated 
IDentifier 

Key and algorithm Identifier for ciphering 
Key and algorithm Identifier for RC/CC/DS 
Mandatory 

Message Authentication Code 

Most Significant Bit 

Optional 

Proof of Receipt 

Redundancy Check 

Reserved for Future Use 

Short Message Service 

Short Message Service - Point to Point 

Security Parameters Indication 

Toolkit Application Reference 

Tag Length Value 

User Equipment 

USAT Interpreter 

USAT Interpreter Originated 

USAT Interpreter TLV 

Uniform Resource Locators 

USIM Application Toolkit 

Universal Subscriber Identity Module 
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3.3 Symbols 

'0' to '9' and 'A' to 'F':The sixteen hexadecimal digits. 

Single bits are identified by bl to b8, where bl is the LSB and b8 is the MSB of the byte containing the bit. 
RFU bits and bytes are to be set to '0'. 



4 TLV Format 

USAT Interpreter transmission protocol elements contained in an application message are sent between the USAT 
Interpreter and the Gateway System as BER-TLV data objects. Each application message shall only contain one BER- 
TLV object. See ISO/IEC 7816-6 [5] for more information on data objects. 

The tag of a BER-TLV is a constant value, length one byte, indicating it is a USAT Interpreter application message. 
The length is coded according to ISO/IEC 7816-6 [5]. 

The value part of the BER-TLV data object consists of USAT Interpreter TLV (UI-TLV) data objects. It is mandatory 
for UI-TLV data objects to be provided in the order given in the description of each BER-TLV. New UI-TLV data 
objects can be added to the end of a BER-TLV. 

All UI-TLVs specified in the present document shall be coded according to the rules specified in TS 31.113 [2] for 
TLVs. 

Padding characters are not allowed in any TLV objects specified in the present document. 



5 Transmission protocol 

The transmission protocol is used by the USAT Interpreter and the USAT Interpreter Gateway System to communicate 
with each other. According to TS 31.1 12 [1] the USAT Interpreter Gateway System may consist of several logical and 
functional entities. 

It is not mandatory for the USAT Interpreter to support the communication with a USAT Interpreter Gateway System, 
in that mode in which locally stored pages (resident pages) are rendered by the USAT Interpreter only. If the USAT 
Interpreter supports the communication with a USAT Interpreter Gateway System, it shall be supported as described in 
the present document. 

The transmission protocol shall be compliant to TS 23.048 [3], where the Gateway is the Sending Application and the 
USAT Interpreter is the Receiving Application or vice versa. The Sending and Receiving Entities as specified in TS 
23.048 [3] are the Security Node and the USAT Interpreter Security functionality (TS 31.112 [1]). 
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Figure 5.1 : System overview 

The USAT Interpreter transmission protocol shall fully comply to TS 23.048 [3], if not stated otherwise in the present 
document. 



5.1 Transport bearer 



At least, the USAT Interpreter Security Functionality and the Security Node shall support the following transport bearer 
specified in TS 23.048 [3]: 

SMS-PP: Single Short Message Point to Point and Concatenated Short Message Point to Point 

Concatenation of short messages shall be supported for both directions. The available buffer space for concatenated 
short messages supported by the USAT Interpreter Security functionality in both directions is to be defined by the card 
issuer and is indicated by the respective USAT Interpreter system information variables as specified in TS 31.113 [2]. 



Other transport bearers may be supported. 



5.2 TS 23.048 Security 

This clause specifies the security parameters to be supported for secured packets between the USAT Interpreter Security 
Functionality and the Security Node. The security parameters shall apply for both directions. 

For exchanging information between the USAT Interpreter Security Functionality and the USAT Interpreter Security 
Node the Command Packet structure as specified in TS 23.048 [3] shall be used in both directions. The execution and 
handling of the Command Packet shall be independent from the used bearer. 

PoR by using SMS-SUBMIT should be supported by the USAT Interpreter Security Functionality, i.e. the Security 
Node may request a PoR from the USAT Interpreter using SMS-SUBMIT to send the PoR. PoR using SMS-DELIVER- 
REPORT may be supported by the USAT Interpreter. Additional Response Data (see TS 23.048 [3]) for the PoR is not 
specified for the present document. Support of PoR in the other direction is optional. 

At least the following TS 23.048 [3] security mechanisms shall be supported by the USAT Interpreter Security 
Functionality and the Security Node: 

Authentication (as indicated in SPI bl,b2): 

- No RC, CC or DS 
Cryptographic checksum 

Encryption (as indicated in SPI b3): 

No ciphering 

- Ciphering 
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Counter (as indicated in SPI b4,b5): 

- all modes 

For messages originated by the USAT Interpreter, the counter value of the used configuration shall be incremented by 1 
for each outgoing message. The first message issued by the USAT Interpreter Security Functionality or the Security 
Node shall have the counter value '00 00 00 00 32'. There shall be no wrap mechanism, that means, if the counter value 
reaches 'FF FF FF FF FF', the USAT Interpreter shall not send any messages any more. 

The following KIc modes shall be supported by the USAT Interpreter: 

Algorithm (as indicated in bl,b2): 

- DES 

Modes of DES (as indicated in b3,b4): 

- DES in CBC mode 

- Triple DES in outer CBC mode using 2 different keys 

The following KID modes shall be supported by the USAT Interpreter: 

Algorithm (as indicated in bl,b2): 

- DES 

Modes of DES (as indicated in b3,b4): 

- DES in CBC mode 

- Triple DES in outer CBC mode using 2 different keys 

The 8-byte output of the DES based MAC calculation is used as CC in the RC/CC/DS field of the secured messages. 
Padding: 

According to TS 23.048 [3] the padding value shall be '00'. 

The padding counter (PCNTR) may contain the value '00', which means, that no padding was applied to the message. 
The maximum value of the padding counter depends on the block size of the selected enciphering algorithm. PCNTR is 
used for ciphering only. For authentication, the message is padded virtually with '00' padding bytes for calculation of 
the CC if necessary, but no padding bytes are stored or indicated in the command packet. 

The number and storage of KIc and KID keys is up the card issuer. It is strongly recommended to use at least one 
authentication mechanism. The key selection part of KIc and KID (b8-b5) should be seen as an index. A card may 
support up to 16 keys for KIc and up to 16 keys for KID per TAR value. For Triple-DES with 2 different keys, the 
length is 16 bytes (8 bytes for each key). 

5.3 Addressing and key selection 
5.3.1 Configuration Sets 

According toTS 31.1 12 [1] a Gateway Selector System consists of up to 3 different logical separate Gateway Selectors 
to handle the different modes of access. The modes of access are Operational Pull, Operational Push and Administrative 
access. The distinction of these access modes is made using different ranges of TAR values: 



Table 5.1 : TAR values for access mode 



Access Mode 


TAR Value Range 


Operational Pull 


'B2 00 00' to 'B2 00 OF' (16 values) 


Operational Push 


'B2 00 30' to 'B2 00 3F' (16 values) 


Administration 


'B2 00 70' to 'B2 00 7F' (16 values) 
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Other TAR values in the USAT Interpreter range of 'B2 00 00' to 'B2 00 FF are RFU. 

For each access mode (and therefore for each TAR value range) the USAT Interpreter shall be able to store a 
Configuration Set. A Configuration Set consists of up to 16 different configurations, one configuration per TAR value. 

Each configuration consists of a collection of parameters to be used by the USAT Interpreter for the assigned TAR 
value, like keys to be used, counters to be used, security parameters and so on. 

The following table provides an overview of the parameters to be stored for each configuration: 



Table 5.2: Configurations 





Operational Pull 
Configuration Set 
TAR range 

'B2 00 00' to 'B2 00 OF 


Operational Push 
Configuration Set 
TAR range 

'B2 00 30' to 'B2 00 3F' 


Administration 
Configuration Set 
TAR range 

'B2 00 70' to 'B2 00 7F' 


Parameter 


Cfg1 


Cfg2 




Cfg 16 


Cfg 1 


Cfg 2 




Cfg 16 


Cfg 1 


Cfg 2 




Cfg 16 


TAR Value 


























23.048 Counter Ul terminated 


























23.048 Counter Ul originated 


























23.048 Klc Keys (up to 16 
values) 


























23.048 KID Keys (up to 16) 


























SPI, Klc and KID bytes to be 
used for USAT Interpreter 
originated messages 


























SPI, Klc and KID list to be 
checked for USAT Interpreter 
terminated messages 


























USAT Command list 


























USAT Interpreter byte code list 


























USAT Interpreter command list 
for administration 


























Operational Configuration 
Modification 


























Bearer specific data set 
Modification 


























Linked Pull TAR 


























Reference to a bearer specific 
data set 



























— denotes entries not applicable for the configuration 

In addition to the Configuration Sets the USAT Interpreter shall be able to store bearer specific data. Each configuration 
shall contain a reference to one set of bearer specific data. Bearer specific data shall contain at least the following 
information: 



Table 5.3: Bearer specific data 





Bearer specific 
data set 


Bearer specific 
data set 1 




Bearer specific 
data set n 


Bearer type 


(e.g. SMS) 


(e.g. GPRS) 






Access Node address 


(SMS specific) 


(GPRS specific) 






Security Node address 


(SMS specific) 


(GPRS specific) 

















For the coding of SMS specific bearer information see clause 6. 1 .2. 1 1 .4. 

The number of supported bearer specific data sets is up to issuer of the USAT Interpreter. 

The coding of other bearer specific data depends on the type of bearer used and is out of the scope of the present 
document. 
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5.3.1 .1 Configuration description 

5.3.1.1.1 TAR Value 

This entry defines the TAR value assigned to the configuration. The TAR value shall be part of the TAR value range of 
the Configuration Set the configuration belongs to. The TAR value shall be unique within the TAR values assigned to 
the configurations of the Configuration Set. 

5.3.1 .1 .2 23.048 Counter Ul terminated 

This entry contains the current counter value of the Receiving Entity (the USAT Interpreter Security functionality) for 
USAT Interpreter terminated messages. The handling of this entry shall be according to TS 23.048[3]. 

5.3.1 .1 .3 23.048 Counter Ul originated 

This entry contains the current counter value of the Sending Entity (the USAT Interpreter Security functionality) for 
USAT Interpreter originated messages. The handling of this entry shall be according to clause 5.2 of the present 
document. 

5.3.1.1.4 23.048 Klc keys 

This entry contains up to 16 different Klc keys to be used for encryption/decryption according to TS 23.048 [3]. The 
number of available Klc keys may vary. The size of Klc keys may vary depending on the algorithm intended to use a 
key. Each Klc value shall be uniquely addressable by a 4 bit value within the configuration, the Klc index. The Klc 
index is reflected in the most significant nibble of the Klc byte within a 23.048 message as specified in TS 23.048 [3]. 

5.3.1.1.5 23.048 KID keys 

This entry contains up to 16 different KID keys to be used for CC/DS generation / verification according to TS 23.048 
[3]. The number of available KID keys may vary. The size of KID keys may vary depending on the algorithm intended 
to use a key. Each KID value shall be uniquely addressable by a 4 bit value within the configuration, the KID index. 
The KID index is reflected in the most significant nibble of the KID byte within a 23.048 message as specified in TS 
23.048 [3]. 

5.3.1 .1 .6 SPI, Klc and KID bytes to be used for USAT Interpreter originated messages 

The USAT Interpreter Security Functionality shall use the information in this entry, to generate USAT Interpreter 
originated secured messages. This entry consist of 2 SPI bytes, which specifies the security parameters to be used to 
generate the secured message, a Klc byte, which specifies the algorithm and the Klc key of the configuration to be used 
for the encryption of the secured message and a KID byte, which specifies the algorithm and the KID key of the 
configuration to be used for the CC/DS generation of the secured message. 

5.3.1 .1 .7 SPI, Klc and KID list to be checked for USAT Interpreter terminated messages 

This entry consists of a list of security parameters to be compared by the USAT Interpreter functionality with the 
security parameters of USAT Interpreter terminated secured messages. 

Each entry in the list consists of the following information: 

- SPI byte 

- least significant nibble of Klc 

- least significant nibble of KID 

The USAT Interpreter security functionality shall check for each USAT Interpreter terminated secured message if the 
combination of SPI, least significant nibble of Klc and least significant nibble of KID matches a combination included 
in the list of this entry for the configuration identified by the TAR value. If no match is found, the secured message can 
not be processed and shall be discarded. 
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If a match is found, the decryption and authentication shall be executed according to the parameters in SPI, KIc and 
KID with the KIc key and the KID key of the configuration indicated in the received secured message. 



This entry specifies, which USAT commands the USAT Interpreter shall allow to be executed using the Execute USAT 
Command interface (see TS 31.1 13 [2]) within a page linked to the configuration with the USAT Command list. 

USAT Commands not listed in the USAT Command list shall not be executed when triggered by the Execute USAT 
Command interface (see TS 31.113 [2]). 

For a USAT Command being a USAT Interpreter command (a byte code) itself (e.g. Display Text or Get Input byte 
code, see TS 31.1 13 [2]) the USAT Interpreter byte code list shall apply. 

If the USAT Interpreter is requested to execute a USAT command not allowed according to the USAT Command list, 
the USAT Interpreter shall issue the error '6F0A' "USAT command not allowed" as specified in TS 31.1 13 [2]. 

The USAT command list of the current page linked to the current configuration is reflected in the "USAT Interpreter 
system information variable '02': USAT Command Filter" with the coding specified in the present document, see TS 
31.113 [2]. 

Coding of the USAT Command list: see clause 6.1.2.10.3.7. 



This entry specifies, which USAT Interpreter commands the USAT Interpreter shall allow to be executed within a page 
linked to the configuration with the USAT Interpreter byte code list. 

USAT Interpreter commands not listed in the USAT Interpreter byte code list shall not be executed by the USAT 
Interpreter. 

If the USAT Interpreter is requested to execute a USAT Interpreter command not allowed according to the USAT 
Interpreter byte code list, the USAT Interpreter shall issue the error '6F0A' "USAT command not allowed" as specified 
in TS 31.113 [2]. 

The USAT Interpreter byte code list of the current page linked to the current configuration is reflected in the "USAT 
Interpreter system information variable 'OA': USAT Interpreter Byte Code Filter" with the coding specified in the 
present document, see TS 31.113 [2]. 

Coding of the USAT Interpreter byte code list: see clause 6.1.2.10.3.8. 

5.3.1.1.10 USAT Interpreter command list for administration 

This entry specifies, which USAT Interpreter administration commands the USAT Interpreter shall allow to be executed 
within an Administration Message linked to the configuration with the USAT Interpreter command list for 
administration. 

USAT Interpreter administration commands not listed in the USAT Interpreter command list for administration shall 
not be executed by the USAT Interpreter. 

If the USAT Interpreter is requested to execute a USAT Interpreter administration command not allowed according to 
the USAT Interpreter command list for administration, the USAT Interpreter shall issue the error '6F0A' "USAT 
administration command not allowed" as specified in clause 6.3. 

5.3.1 .1 .1 1 Operational configuration modification 

This entry specifies, which of the Operational Pull and Operational Push Configurations may be changed by the 
Administration Configuration. 

Administration Configurations shall not be able to modify other Administration Configurations. 

If the USAT Interpreter is requested to modify a not allowed Configuration, the USAT Interpreter shall issue the error 
'6F0B' "Modify configuration not allowed" as specified in clause 6.3. 



5.3.1.1.8 



USAT Command list 



5.3.1.1.9 



USAT Interpreter byte code list 
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5.3.1.1.12 Bearer specific data set modification 

This entry specifies, which of the Bearer specific data sets may be changed by the Administration Configuration. 

If the USAT Interpreter is requested to modify a not allowed bearer data set, the USAT Interpreter shall issue the error 
'6F0B' "Modify configuration not allowed" as specified in clause 6.3. 

5.3.1.1.13 Linked Pull TAR 

This entry is valid only for configurations belonging to the Operational Push Configuration Set. 

For messages sent by the USAT Interpreter to the USAT Interpreter System due to the execution of a page received in 
Operational Push Mode, the USAT Interpreter Security Functionality shall use the configuration of the Operational Pull 
Configuration Set which is indicated as the "linked Pull TAR" in the configuration of the last received message in 
Operational Push Mode. 

NOTE: By using a dedicated "linked Pull TAR" (TAR value used for that purpose only and known by the 

Gateway system) a Gateway is able to distinguish between a pull request due to a push message and pull 
requests not due to a push message. 

5.3.1.1.14 Reference to a bearer specific data set 

This entry shall contain a link to a bearer specific data set to be used by the USAT Interpreter to send USAT Interpreter 
originated secured messages. For USAT Interpreter terminated messages, all supported bearers shall be accepted by the 
USAT Interpreter to receive a secured message. 

5.3.1 .2 Configuration Selection in Operational Pull Mode 

Each USAT Interpreter resident page should have a permanent link to a configuration within the Operational Pull 
Configuration Set. The link is provided by a TAR value stored together with the resident page. For the coding of the 
TAR value used to link a resident page with a configuration see clause 6. 1 .2. 1 below. 

Pages without having a permanent link can be used to inherit the configuration of a page branching to them. This can be 
considered as executing a sub-page without changing the current configuration. 

For messages sent by the USAT Interpreter to the USAT Interpreter Gateway System due to the execution of a resident 
page, the USAT Interpreter Security Functionality shall use the linked configuration of the Operational Pull 
Configuration Set. This used configuration shall be then the current configuration. If the resident page does not have a 
permanent link to a configuration the current configuration is to be used. If no current configuration is available, the 
USAT Interpreter shall behave as described in clause 5.8. 

For Operational Pull messages (i.e. messages with the TAR value in the Operational Pull Mode TAR value range) 
received by the USAT Interpreter from the USAT Interpreter Gateway System, the USAT Interpreter Security 
Functionality shall check, if the received TAR value is equal to the TAR value of the current configuration. If the values 
are not equal, the received message shall be discarded by the USAT Interpreter Security Functionality. If the TAR 
values are equal, the message shall be processed by the USAT Interpreter Security Functionality according to the 
security parameters of the current configuration and the page is permanently linked with this configuration. 

For messages sent by the USAT Interpreter to the USAT Interpreter System due to the execution of a page received in 
Operational Pull Mode, the USAT Interpreter Security Functionality shall use the configuration linked with the page. 

5.3.1 .3 Configuration Selection in Operational Push Mode 

For Operational Push messages (i.e. messages with the TAR value in the Operational Push Mode TAR value range) 
received by the USAT Interpreter from the USAT Interpreter Gateway System, the USAT Interpreter Security 
Functionality shall check, if there is a configuration in the Operational Push Configuration Set, which contains the 
received TAR value of the message. If the matching TAR value is found, the message shall be processed by the USAT 
Interpreter Security Functionality according to the security parameters of the configuration with the matching TAR 
value. If no matching TAR value is found, the received message shall be discarded by the USAT Interpreter Security 
Functionality. 

For messages sent by the USAT Interpreter to the USAT Interpreter System due to the execution of a page received in 
Operational Push Mode, the USAT Interpreter Security Functionality shall use the configuration of the Operational Pull 
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Configuration Set which is indicated as the "linked Pull TAR" in the configuration of the last received message in 
Operational Push Mode. This used Operational Pull configuration shall be then the current configuration. 

5.3.1 .4 Configuration Selection in Administration Mode 

For Administration Messages (i.e. messages with the TAR value in the Administration Mode TAR value range) 
received by the USAT Interpreter from the USAT Interpreter Gateway System, the USAT Interpreter Security 
Functionality shall check, if there is a configuration in the Administration Configuration Set, which contains the 
received TAR value of the message. If the matching TAR value is found, the message shall be processed by the USAT 
Interpreter Security Functionality according to the security parameters of the configuration with the matching TAR 
value. If no matching TAR value is found, the received message shall be discarded by the USAT Interpreter Security 
Functionality. 

For messages sent by the USAT Interpreter to the USAT Interpreter Gateway System due to the execution of 
administration commands, the USAT Interpreter Security Functionality shall use the configuration of the 
Administration Configuration Set which contains the TAR value of the corresponding processed message in 
Administration Mode. 

5.3.2 Addressing for USAT Interpreter originated messages 

5.3.2.1 Access Node 

The USAT Interpreter shall use the Access Node address within the bearer specific data set linked to the currently 
selected configuration to address the Access Node. The coding of the Access Node address is bearer dependent and out 
of the scope of the present document. 

E.g. the Access Node address of the Access Node for the SMS case can be the SMSC address. 

5.3.2.2 Security Node 

The USAT Interpreter shall use the Security Node address within the bearer specific data set linked to the currently 
selected configuration to address the Security Node. The coding of the Security Node address is bearer dependent and 
out of the scope of the present document. 

E.g. the Security Node address of the Security Node for the SMS case can be the destination address. 

5.3.2.3 Key selection in Security Node 

If the SPI of the secured message indicates any security applied, the key selection for the security within Security Node 
shall be done according to the following rules: 

- The originator of the message shall be determined by the information provided by the bearer level. E.g., for the 
SMS case, this can be the originator address. With this information, all transport keys defined for the originator 
of the message shall be available for the Security Node. 

The TAR value shall be checked by the Security Node. According to the TAR value, the correct set of keys is 
selected out of the key sets defined for the originator of the message. E.g., different key sets for different TAR 
values may exist for one USAT Interpreter card. 

- Within the selected key set, the KIc and KID values shall be used, as indicated in the 23.048 header (KIc and 
KID bytes) of the message. 

After retrieving the keys, the Security Node shall extract the Application Message according to TS 23.048[3]. If the 
Application Message could not be extracted due to the failure of the security checks, the message shall not be processed 
any further. 

5.3.2.4 Gateway Selector System 

The Gateway Selector System shall be addressed according to the TAR value of the message. If the TAR belongs to the 
Operational Pull TAR range, the messages is routed to the Operational Pull Gateway Selector, if the TAR belongs to the 
Administration TAR range, the messages is routed to the Administration Gateway Selector. 
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Messages with a TAR within the Operational Push TAR range shall never be sent by the USAT Interpreter. The USAT 
Interpreter shall respond to a received Operational Push mode message with a linked Operational Pull mode message. 



5.3.2.5 Gateway 

The Gateway shall be addressed by the Gateway Selector using the Gateway Address. The format and coding of the 
Gateway Address TLV value is out of the scope of the present document. If no Gateway Address TLV is contained in 
the message or the Gateway Address TLV is the Default Gateway Address (see clause 5.4.1.3), the Gateway Selector 
shall select the Gateway according to its own rules, which are out of the scope of the present document (e.g. using a 
default Gateway or examine the information in the Submit TLV). 



5.3.3 Addressing for Gateway originated messages 

The Gateway Selector shall assign a TAR value according to the source of the message (Operational Pull, Operational 
Push or Administration). 

The Security Node shall generate the Secured Packet according to the security parameters assigned to the addressed 
USAT Interpreter card and the given TAR value. 



5.4 USAT Interpreter originated Application Messages 

This chapter specifies the messages sent from the USAT Interpreter to the Gateway. 
The general message format is as follows: 



Bearer Header 



Bearer User Data 



TS 23.048 Header 



Application Message 



Transport Protocol TLV 

Figure 5.2: Message structure 

The content and structure of the bearer header depends on the chosen bearer. 

The content of the TS 23.048 header depends on the chosen configuration within the used Configuration Set. The 
Configuration Set depends on the used access mode, i.e. Operational Pull or Administration. 



5.4.1 USAT Interpreter originated BER-TLV for Operational Pull 
messages 



An Application Message sent by the USAT Interpreter to the Gateway in Operational Pull access mode consist of a 
USAT Interpreter originated TLV with the following content: 



Length 


Value 


Description 


M/O 


1 


'CO' 


UIO BER-TLV tag for operational pull messages 


M 


1-3 


A+B+C+D 


Length 


M 


A 


UI-TLV 


Submit 


M 


B 


UI-TLV 


Request ID 


C 


C 


UI-TLV 


Gateway Address 


C 


D 


UI-TLV 


Additional Information 


c 
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5.4.1.1 Submit UI-TLV 

The Submit UI-TLV shall be constructed according to TS 31.1 13 [2]. 

5.4.1.2 Request ID UI-TLV 

The Request ID UI-TLV contains the RequestID used for Wait State handling of the USAT Interpreter. The RequestID 
value shall be generated according to TS 3 1 . 1 1 3 [2] . 



The Request ID UI-TLV is conditionally incorporated into the UIO BER-TLV for operational pull messages. This UI- 
TLV shall only be incorporated in the UIO BER-TLV, if requested in the corresponding Submit Configuration UI-TLV 
(see TS 31.113 [2]). 



Length 


Value 


Description 


M/O 


1 


'40' 


Request ID UI-TLV tag 


M 


1 


1 


Length 


M 


1 


Data 


RequestID value 


M 






1 byte binary value 





5.4.1.3 Gateway Address U l-TLV 

The Gateway Address UI-TLV shall be taken from the Submit Configuration UI-TLV specified in TS 31.113 [2], 

The Gateway Address UI-TLV is conditionally incorporated into the UIO BER-TLV for operational pull messages. 
This UI-TLV shall only be incorporated in the UIO BER-TLV, if contained in the corresponding Submit Configuration 
UI-TLV (see TS 31.1 13 [2]) and not containing the Current Gateway Address. 



Table 5.4: Gateway Address handling 



Submit Configuration UI-TLV contains 


Gateway Address UI-TLV to be incorporated into the 
UIO BER-TLV for operational pull messages 


Gateway Address UI-TLV with a Gateway 
Address other than the Current Gateway Address 


Yes 


Gateway Address UI-TLV containing the Current 
Gateway Address 


No 


No Gateway Address UI-TLV 


No 



Default Gateway Address 

The Default Gateway Address is indicated in the Gateway Address UI-TLV by an empty value part of the Gateway 
Address UI-TLV (i.e. the length of the Gateway Address UI-TLV is set to '00' for the Default Gateway Address). 

The Default Gateway Address is used to indicate to the USAT Interpreter Gateway System, that the USAT Interpreter 
Gateway System shall use its own mechanisms to address the Gateway. 

Current Gateway Address 

In order to be able to detect, if the Gateway Address changes, the USAT Interpreter shall maintain a Current Gateway 
Address. 

The Current Gateway Address is set to "none" by the USAT Interpreter after a reset of the USAT Interpreter. 

Whenever a Gateway Address UI-TLV is processed by the USAT Interpreter, the USAT Interpreter shall check, if the 
Gateway Address in the processed Gateway Address UI-TLV is different from the Current Gateway Address. If the 
Gateway Address is different, the USAT Interpreter shall change the Current Gateway Address to the Gateway Address 
contained in the processed Gateway Address UI-TLV and include this new current gateway address in the operational 
pull request message. This applies also to the Default Gateway Address possibly coded in the processed Gateway 
Address UI-TLV. 

The Current Gateway Address mechanism is used to optimise the provisioning of gateway addresses by the USAT 
Interpreter. Only if the gateway address changes, the information on the new gateway address is transmitted to the 
USAT Interpreter Gateway System. 
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5.4.1 .4 Additional Information UI-TLV 

The Additional Information UI-TLV shall be incorporated into the UIO BER-TLV for operational pull messages under 
the following conditions: 

- A Gateway Address UI-TLV is contained in the corresponding Submit Configuration UI-TLV 

AND 

- that Gateway Address TLV has the SendAdditionallnformation bit set in its attribute byte (see TS 31.113 [2]) 

AND 

the Current Gateway Address has changed. 

All Submit Configuration UI-TLVs contained in locally stored pages (resident pages) having a permanent link to a 
configuration shall have a Gateway Address UI-TLV. 



Coding of the Additional Information UI-TLV: 



Length 


Value 


Description 


M/O 


1 


'41' 


Additional Information UI-TLV tag 


M 


1-3 


A 


Length 


M 


A 


Data 


Additional Information 


M 



Coding of the additional information data: 

The additional information data contains a concatenated list of USAT Interpreter variable entries. Each contained 
variable entry in the list shall be coded as follows: 



Length 


Description 


1 


Variable ID (see TS 31.1 13 [3]) 


1-3 


length of variable content, coded according to the length coding rules for UI-TLVs 


L 


current variable content 



The following system information variables (see 31.113 [3]) shall be provided at least in the list in the given order: 



Variable ID 


Variable Name 


'01' 


USAT Interpreter version 


'02' 


USAT Interpreter profile 


'08' 


Hash Value of URL of USAT Interpreter issuer identification 


'09' 


Reception Buffer Size 


'0B' 


Transmission Buffer Size 



5.4.2 USAT Interpreter originated BER-TLV for Administration Messages 



An Application Message sent by the USAT Interpreter to the Gateway in Administration Mode (answer to a received 
Administration Message) consists of a USAT Interpreter originated BER-TLV for Administration Messages with the 
following content: 



Length 


Value 


Description 


M/O 


1 


'cr 


UIO BER-TLV tag for Administration Messages 


M 


1-3 


A+B 


Length 


M 


A 


UI-TLV 


ADM Response 


M 


B 


UI-TLV 


RequestID 


C 



5.4.2.1 ADM Response UI-TLV 

The ADM Response UI-TLV shall be coded according to clause 6.2. 
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5.4.2.2 RequestID UI-TLV 

The RequestID UI-TLV shall be incorporated by the USAT Interpreter into the UIO BER-TLV for Administration 
Messages if the corresponding GO Administration BER-TLV contains a RequestID UI-TLV. The USAT Interpreter 
shall copy the RequestID UI-TLV from the GO Administration BER-TLV to the UIO BER-TLV for Administration 
Messages in this case. Therefore, the USAT Interpreter mirrors the received RequestID UI-TLV to the Gateway. 

For the coding see clause 5.4.1.2. 

5.5 Gateway originated Application Messages 

This chapter specifies the messages sent from the Gateway to the USAT Interpreter. 
The general message format is as follows: 



Bearer Header 



Bearer User Data 



TS 23.048 Header 



Application Message 



Transport Protocol TLV 



Figure 5.3: Gateway originated Application Messages 

The content and structure of the bearer header depends on the chosen bearer. 

The content of the TS 23.048 header depends on the chosen configuration within the used Configuration Set. The 
Configuration Set depends on the used access mode, i.e. Operational Pull, Operational Push or Administration. 

If the USAT Interpreter receives a message whose Configuration Set does not match with the access mode, the message 
shall be discarded (e.g. Configuration Set = "pull" and tag = "GO Administration Message BER-TLV"). 

5.5.1 Gateway originated TLVs for Operational Messages 



An Application Message sent by the Gateway to the USAT Interpreter in Operational Pull (answer to a received 
Operational Pull message) consists of a Gateway originated BER-TLV with the following content: 



Length 


Value 


Description 


M/O 


1 


'C2' 


GO Pull Response BER-TLV tag 


M 


1-3 


A+B 


Length 


M 


A 


UI-TLV 


Page 


M 


B 


UI-TLV 


Request ID 


C 



An Application Message sent by the Gateway to the USAT Interpreter in Operational Push consists of a Gateway 
originated BER-TLV with the following content: 



Length 


Value 


Description 


M/O 


1 


'C3' 


GO Push BER-TLV tag 


M 


1-3 


A+B 


Length 


M 


A 


UI-TLV 


Page 


M 


B 


UI-TLV 


Inline Value containing Push Information Text 


M 



5.5.1.1 Page UI-TLV 

The Page UI-TLV shall be constructed according to TS 31.113 [2]. 



ETSI 



3GPP TS 31.114 version 5.1.0 Release 5 



21 



ETSI TS 131 1 14 V5.1 .0 (2002-06) 



5.5.1.2 Request ID UI-TLV 

The Request ID UI-TLV contains the RequestID used for Wait State handling of the USAT Interpreter. The received 
RequestID shall be checked by the USAT Interpreter according to TS 31.113 [2]. 

The RequestID UI-TLV shall be incorporated by the Gateway into the GO Pull Response BER-TLV if the 
corresponding BER-TLV for operational pull message contains a RequestID UI-TLV. The Gateway shall copy the 
RequestID UI-TLV from the UIO BER-TLV tag for operational pull message to the GO Pull Response BER-TLV in 
this case. Therefore, the Gateway mirrors the received RequestID UI-TLV to the USAT Interpreter. 

Coding: See clause 5.4.1.2. 

5.5.1 .3 Inline Value UI-TLV containing the Push Information Text 

The Push Information Text contains a text to be provided to the user prior to the rendering of the Push page. Variable 
references shall not be contained in this Inline Value UI-TLV. 

The handling of Push Messages is described in clause 5.6. 

Coding: according to the Inline Value TLV as specified in TS 31.113 [3]. 

5.5.2 Transport Protocol UIT TLV for Administration Messages 



An Application Message sent by the Gateway to the USAT Interpreter in Administration Mode consists of a Gateway 
originated BER-TLV for Administration Messages with the following content: 



Length 


Value 


Description 


M/O 


1 


'C4' 


GO Administration Message BER-TLV tag 


M 


1-3 


A+B 


Length 


M 


A 


UI-TLV 


ADM Request 


M 


B 


UI-TLV 


Request ID 


O 



5.5.2.1 ADM Request UI-TLV 

The ADM Request UI-TLV shall be coded according to clause 6. 1 . 

5.5.2.2 RequestID UI-TLV 

The RequestID UI-TLV may be incorporated by the Gateway to be able to logically connect a GO Administration 
Message with a UIO Administration Message. The USAT Interpreter shall mirror the received RequestID UI-TLV in 
the response to a GO Administration Message. See clause 5.4.2.2. 

The generation of the value for the RequestID is up to the Gateway system and out of the scope of the present 
document. 

Coding: See clause 5.4.1.2. 

5.6 Handling of Push Messages 

Push messages may reach the USAT Interpreter at any time. Therefore the following table provides the rules, how to 
handle received push messages in different states the USAT Interpreter may currently be. 
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Table 5.5: Handling of Push messages 



DrtGGil^la ctotoc nf tho 1 ICAT Inlarnratai* 
rObblDIc bldlco Ol int? UoAl inicipiclcl 


ndnuiiny ui a received rusn rn@ssciue 


USAT Interpreter idle mode 


render pushed page 


about to parse byte code 


ask user to execute received Push page 


about to parse locally stores pages (resident pages) 


ask user to execute received Push page 


wait state 


ask user to execute received Push page 


Terminal Response Handler execution environment (see TS 
31.113 [2], e.g. SELECT ITEM) 


ask user to execute received Push page 


about to parse administrative code received prior to the 
current message 


finalise Administration Message, then 
execute received Push page 


USAT Interpreter idle mode but another running application 
(another proactive session) 


Out of the scope of the present document. 



For the option "ask user" a DISPLAY TEXT USAT command shall be issued by the USAT Interpreter to notify the 
user that the USAT Interpreter has received a Push page. The text provided in the Push Information Text UI-TLV shall 
ask the user, if the user wants to execute the pushed page and may provide information about the content of the received 
Push page. 

If the user wants to execute the pushed page, the USAT Interpreter shall discard the current state and shall render the 
Push page. If the user rejects to execute the Push page, the USAT Interpreter shall discard the received Push page and 
shall continue in the current state. 

The text to be used for the text string of the DISPLAY TEXT command shall be taken from the Inline Value TLV of the 
GO Push BER-TLV. 

For the DISPLAY TEXT USAT command the command qualifier option 
"high priority" and " wait for user to clear message" coded as '81' 
shall be used. 

The USAT Interpreter shall handle the "ask user" option according to the following figure: 




f \ 
DISPLAY TEXT 

with Push 

Information Text 

v ) 




"ok", or 
"no response from user" 



other General Results 



Discard received 
Push page; 
continue in 
current state 



Discard current 

state; 
Render received 
Push page 



Figure 5.4: "Ask User" flow 
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5.7 Handling of Administration Messages 

Administration Messages may reach the USAT Interpreter at any time. Therefore the following table provides the rules, 
how to handle received Administration Messages in different states the USAT Interpreter may currently be. 

Administration Messages are handled as messages with a low priority to be executed, i.e. Administration Messages are 
executed only, if the USAT Interpreter is in idle mode. 



Table 5.6: Handling of Administration Messages 



Possible states of the USAT Interpreter 


Handling of a received Administration Message 


USAT Interpreter idle mode 


execute Administration Message 


about to parse byte code 


discard Administration Message without indicating an error 


about to parse locally stores pages (resident 
pages) 


discard Administration Message without indicating an error 


wait state 


discard Administration Message without indicating an error 


Terminal Response handler execution 
environment (see TS 31.113 [2], e.g. SELECT 
ITEM) 


discard Administration Message without indicating an error 


about to parse administrative code received 
prior to the current message 


discard Administration Message without indicating an error 


USAT Interpreter idle mode but another running 
application (another proactive session) 


discard Administration Message without indicating an error 



If an Administration Message is discarded by the USAT Interpreter, no corresponding ADM Response shall be 
generated by the USAT Interpreter. 

NOTE: The USAT Interpreter Gateway System is able to detect discarded Administration Messages by checking 
the reception of the mandatory corresponding ADM Response. If no ADM Response is received, the 
USAT Interpreter Gateway System should consider the Administration Message as not executed by the 
USAT Interpreter. 

5.8 Error handling 

Messages which could not pass the security checks successfully according to the requirements specified in the 
corresponding configuration or which contain TAR values not supported by one of the Configuration Sets shall be 
ignored and discarded by the USAT Interpreter. 



6 Administration procedures 

Administration procedures are used for configuration of the USAT Interpreter. 

It is not mandatory for the USAT Interpreter to support administration procedures. If the USAT Interpreter does not 
support administration procedures the USAT Interpreter configuration (e.g. locally stored pages (resident pages), plug- 
ins, keys, etc.) cannot be modified in an interoperable way. 

If the USAT Interpreter supports administration procedures (even partly), they shall be supported as described in the 
present document. This implies that the USAT Interpreter supports parts of the Transmission protocol (used for 
administration) as described in chapter 5. 

6.1 ADM Request 

All administration commands are contained in an ADM Request UI-TLV. For the case that administration procedures 
can be handled by the USAT Interpreter a response to an ADM request is mandatory. Clause 5.7 describes conditions 
for the USAT Interpreter when administration procedures shall be handled. . The ADM Request UI-TLV has the 
following structure: 
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Length 


Value 


Description 


M/O 


1 


'60' / 'E0' 


ADM Request UI-TLV tag 


M 


1-3 


A+B+...+X 


Length 


M 


A 


Data 


Attributes 





B 


UI-TLV 


ADM Command 1 


M 










X 


UI-TLV 


ADM Command n 






The ADM commands shall be executed in the order given in the ADM Request. 

6.1.1 Attributes 



b8 


b7 


b6 


b5 


b4 


b3 


b2 


b1 



' Refresh of menu structure requested by the Gateway System 

0: no refresh of menu requested after executing the 
command list 

1 : refresh of menu requested after executing the command 
list 

' Refresh of event handling requested by the Gateway System 

0: no refresh of events requested after executing the 
command list 

1 : refresh of events requested after executing the command 
list 

I 1 1 1 1 RFU 

Follow bit 

Refresh of menu structure requested by the Gateway System 

If this bit is set, the USAT Interpreter shall take the necessary actions to update the UE menu structure with the current 
menu configuration. E.g. it might be necessary to issue a SETUP MENU USAT command to the UE or to register new 
menu entries linked to locally stored pages (resident pages) to a framework provided by the operating system of the 
UICC. 

How the USAT Interpreter ensures, that the current configuration is reflected in the menu structure seen by the user is 
up to the implementation of the USAT Interpreter and out of the scope of the present document. 

If this bit is not set, the USAT Interpreter shall take no actions to update the UE menu structure with the current menu 
configuration. Modifications shall be reflected after receiving an ADM Request with this bit set or after reset of the 
USAT Interpreter in this case. 

Refresh of event handling requested by the Gateway System 

If this bit is set, the USAT Interpreter shall take the necessary actions to update the UE event list with the current event 
configuration. E.g. it might be necessary to issue a SETUP UP EVENT LIST USAT command to the UE or to register 
new events linked to locally stored pages (resident pages) to a framework provided by the operating system of the 
UICC. 

How the USAT Interpreter ensures, that the current configuration is reflected in the event list of the UE is up to the 
implementation of the USAT Interpreter and out of the scope of the present document. 

If this bit is not set, the USAT Interpreter shall take no actions to update the UE event list with the current event list 
configuration. Modifications shall be reflected after receiving an ADM Request with this bit set or after reset of the 
USAT Interpreter in this case. 

6.1.2 ADM Commands 

The used Administration Configuration defines the usage of administration commands: 
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The entry "USAT Interpreter command list for administration" defines, which administration commands the 
USAT Interpreter allows to be executed by an Administration Configuration. 

- The entry "Operational Configuration Modification" defines, which Operational Mode Configuration may be 
changed by a specific Administration Configuration. 

- The entry "Bearer specific data set Modification" defines, which Bearer specific data sets may be changed by a 
specific Administration Configuration. 

Different Administration Configurations may be configured to change different Operational Mode Configurations and 
to support different sets of administration commands. Administration Configurations themselves cannot be modified by 
any command specified in the present document. 

The present document does not provide mechanisms to prevent administration entities in USAT Interpreter Gateway 
System from modifying data of other (independent) administration entities in the same or another USAT Interpreter 
Gateway System. Here are some examples of potential risks: 

- One administration entity could delete a resident page which has been installed by another administration entity. 

- One administration entity could install resident pages, which will occupy all available memory in the page pool 
so other administration entities cannot install their resident pages any more. 

This scheme requires co-operation and synchronisation between possible different administration entities in USAT 
Interpreter Gateway Systems. The synchronisation of administration entities in USAT Interpreter Gateway Systems is 
out of the scope of the present document. 

6.1.2.1 Install Page 

The USAT Interpreter shall administer a certain amount of memory to store pages locally (also called resident pages). 
This amount of memory is called page pool. Pages are stored as Page UI-TLVs with additional parameters given in the 
attribute and other UI-TLVs of the Install Page command. Locally stored pages are identified by their page 
identification, which is part of the Page UI-TLV (see TS 31.113 [2]). 

The Install Page command receives a page and stores it locally into the page pool. If there is already a page in the page 
pool with the same page identification as the received page, the received page shall overwrite the existing page. 

The memory management of the page pool is up the USAT Interpreter implementation and out of the scope of the 
present document. 



6.1 .2.1 .1 Coding of the Install Page command 



Length 


Value 


Description 


M/O 


1 


'62' / 'E2' 


Install Page UI-TLV tag 


M 


1-3 


A+B+C 


Length 


M 


A 


Data 


Attributes 





B 


UI-TLV 


TAR Value 





C 


UI-TLV 


Page 


M 



6.1.2.1.2 Attributes 

Coding of the attributes: 
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b8 


b7 


b6 


b5 


b4 


b3 


b2 


b1 



- Access 

0: the page may be accessed by internal resources only 
(e.g. from the menu structure, from events, from other 
locally stored pages...) 

1 : the page may be accessed by any other page and any 
internal resource 

- RFU 

- Follow bit 



6.1.2.1.3 



TAR Value UI-TLV 



The TAR Value UI-TLV is used to link the locally stored page with a configuration within the Operational Pull 
Configuration Set. The TAR value provided by the USAT Interpreter system shall be available as a configuration in the 
Operational Pull Configuration Set. If no matching configuration is available, the USAT Interpreter shall issue the error 
"Configuration not available". 

Coding: 



Length 


Value 


Description 


M/O 


1 


'42' 


TAR Value UI-TLV tag 


M 


1 


3 


Length 


M 


3 


Data 


TAR Value 


M 



6.1.2.1.4 Page UI-TLV 

The Page UI-TLV shall be constructed according to TS 31.113 [2]. 

6.1.2.1.5 Possible errors 



Error Code 




No error 


OK 


Not enough memory, 
additional information: 
Remaining memory 


Not enough memory to store the page. Remaining memory 
indicated. 


Configuration not available 


Provided TAR value is not contained in one of the 
configurations of the Operational Pull Configuration Set. 



6.1.2.2 Remove Page 

This command is used to remove a locally stored page from the page pool. 

6.1 .2.2.1 Coding of the Remove Page command 



Length 


Value 


Description 


M/O 


1 


'63' / 'E3' 


Remove Page UI-TLV tag 


M 


1-3 


A+B 


Length 


M 


A 


Data 


Attributes 


O 


B 


UI-TLV 


Page Identification 


M 



6.1.2.2.2 Attributes 

Coding of the attributes: 
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b8 


b7 


b6 


b5 


b4 


b3 


b2 


b1 



■ Remove links 

0: Only the page is removed 

1 : The page is removed and all registered events and menu 
entries pointing to that page are to be removed by the 
USAT Interpreter. The removal of local pages referring to 
the removed page is up to the entity sending the Remove 
Page command. 

■ RFU 

■ Follow bit 



6.1.2.2.3 Page Identification UI-TLV 

The Page Identification UI-TLV is used by the USAT Interpreter to find the page to be removed from the page pool and 
to find all local references to the page. 

Coding: According to TS 31.113 [2]. 

6.1.2.2.4 Possible errors 



Error Code 




No error 


OK 


No error, 

additional information 
result code: 

'6F05' reference to undefined 


Referenced page not found 

For this case the USAT Interpreter shall not stop the 
execution of ADM request. Nevertheless this information shall 
be included in the response to the USAT Interpreter Gateway 
System. 



6.1 .2.3 Configure USAT Interpreter Entering Menu Title 

This command is used to specify a text to be used in the menu structure of the UE to reach the menus provided by the 
USAT Interpreter. E.g. this text may be used as the alpha-identifier within a SETUP MENU USAT command. 

Optionally a reference to an icon may be provided. 

If and how this text is used by the USAT Interpreter to provide a menu entry to reach the USAT Interpreter system is up 
to the implementation of the USAT Interpreter and the card operating system and is out of the scope of the present 
document. 



6.1 .2.3.1 Coding of the Configure Ul Entering Menu Title command 



Length 


Value 


Description 


M/O 


1 


'64' 


Configure Ul Entering Menu Title UI-TLV tag 


M 


1-3 


A+B 


Length 


M 


A 


UI-TLV 


Inline Value containing the text for the Ul entering menu title 


M 


B 


UI-TLV 


Icon Identifier 


O 



6.1.2.3.2 Inline Value UI-TLV 

The Inline Value UI-TLV contains the text and the DCS information to be used for the USAT Interpreter entering menu 
title. Variable references shall not be contained in this Inline Value UI-TLV. 

Coding: According to TS 31.113 [2]. 
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6.1 .2.3.3 Icon Identifier UI-TLV 

The Icon Identifier UI-TLV is used to provide a link to an icon which may optionally be used by the USAT Interpreter 
in conjunction with the USAT Interpreter entering menu title. See TS 3 1 . 1 1 1 [4] . 



Coding: 



Length 


Value 


Description 


M/O 


1 


'43' 


Icon Identifier UI-TLV tag 


M 


1 


2 


Length 


M 


1 


Icon Qualifier 
byte 


as specified in TS 31.111 [4] as Icon Qualifier byte for the Icon 
Identifier Simple-TLV 


M 


1 


Icon Identifier 
byte 


as specified in TS 31.111 [4] as Icon Identifier byte for the Icon 
Identifier Simple-TLV 


M 



6.1.2.3.4 Possible errors 



Error Code 




No error 


OK, even if the text is not used by the USAT Interpreter 


Not enough memory, 
additional information: 
Remaining memory 


Not enough memory to store the text. Available memory 
indicated. 



6.1 .2.4 Configure Menu Text for Page 

This command is used to specify the page to be executed, when the USAT Interpreter receives a menu selection related 
to the text provided in this command. The USAT Interpreter shall verify the existence of the page linked to this text. 

If there is already a menu text with the same page identification as the one received in this UI-TLV then menu text of 
this UI-TLV shall overwrite the existing menu text. 

If the user selects a menu entry established with this command, the USAT Interpreter shall execute the page which is 
linked to the menu entry and identified by the Page identification given in the command. 

How the new menu entry is integrated into the menu structure of the UE by the USAT Interpreter is left to the 
implementation of the USAT Interpreter and the card operating system and is out of the scope of the present document. 

When the change in the menu will be made available by the USAT Interpreter for the user is controlled by the "Refresh 
of menu structure requested by the Gateway System" attribute of the ADM Request. 



6.1 .2.4.1 Coding of the Configure Menu Text for Page command 



Length 


Value 


Description 


M/O 


1 


'65' 


Configure Menu Text for Page UI-TLV tag 


M 


1-3 


A+B 


Length 


M 


A 


UI-TLV 


Inline Value containing the text for a menu item linked to the 
referenced page 


M 


B 


UI-TLV 


Page Identification 


M 



6.1.2.4.2 Inline Value UI-TLV 

The Inline Value UI-TLV contains the text and the DCS information to be used for the USAT Interpreter menu entry 
linked to the page identified in the Page Identification UI-TLV. Variable references shall not be contained in this Inline 
Value UI-TLV. 

Coding: According to TS 31.113 [2]. 
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6.1.2.4.3 Page Identification UI-TLV 

The Page Identification UI-TLV is used by the USAT Interpreter to identify the page to be linked with the menu entry 
text provided in the Inline Value UI-TLV. 

Coding: According to TS 31.113 [2]. 

6.1.2.4.4 Possible errors 



Error Code 




No error 


OK 


Reference to undefined 


Page referenced not found. 


Not enough memory, 
additional information: 
Remaining memory 


Not enough memory to store the text. Available memory 
indicated. 



6.1 .2.5 Remove Menu Text for Page 

This command is used to remove the item from the menu linked to the specified page, without removing the linked page 
itself. 

When the change in the menu will be made available by the USAT Interpreter for the user is controlled by the "Refresh 
of menu structure requested by the Gateway System" attribute of the ADM Request. 



6.1 .2.5.1 Coding of the Remove Menu Text for Page command 



Length 


Value 


Description 


M/O 


1 


'66' 


Remove Menu Text for Page UI-TLV tag 


M 


1-3 


A 


Length 


M 


A 


UI-TLV 


Page Identification 


M 



6.1.2.5.2 Page Identification UI-TLV 

The Page Identification UI-TLV is used by the USAT Interpreter to identify the page for which the menu entry text and 
therefore the menu entry shall be removed. 

Coding: According to TS 31.113 [2]. 

6.1.2.5.3 Possible errors 



Error Code 




No error 


OK 


No error, 

additional information result 
code: 

'6F05' reference to undefined 


The specified page is not referenced by any menu entry. 
For this case the USAT Interpreter shall not stop the 
execution of ADM request. Nevertheless this information shall 
be included in the response to the USAT Interpreter Gateway 
System. 



6.1.2.6 Install Event 

This command specifies the page to be executed, when specific events are detected by the UE. In order to be notified by 
the UE of the event, the USAT Interpreter or the card operating system shall issue the necessary USAT commands (e.g. 
SET UP EVENT LIST). 

If there is already an event set up with the same Event Identifier as the one received in this UI-TLV then the Page 
Identification of this UI-TLV shall overwrite the existing Page Identification. 

How the new event is integrated into the event handling of the UE by the USAT Interpreter is left to the implementation 
of the USAT Interpreter and the card operating system and is out of the scope of the present document. 
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When the change in the event handling will be made available by the USAT Interpreter for the UE is controlled by the 
"Refresh of event handling requested by the Gateway System" attribute of the ADM Request. 



6.1 .2.6.1 Coding of the Install Event command 



Length 


Value 


Description 


M/O 


1 


'67' 


Install Event UI-TLV tag 


M 


1-3 


1+A 


Length 


M 


1 


Data 


Event Identifier, coded as specified in 3GPP TS 31.111 [4] for Event 
ListTLV. 

Additional Event Identifier see below. 


M 


A 


UI-TLV 


Page Identification 


M 



6.1.2.6.2 Additional Event Identifier 

In addition to the event identifiers specified in 3GPP TS 31.1 1 1 [2], the USAT Interpreter shall support the following 
USAT Interpreter specific internal events: 



Event 


Event Identifier Coding 


Description 


USAT Interpreter 
initialisation 


'AO' 


Issued once per initialisation of the USAT Interpreter 


'A1'-'AF' 


RFU 





6.1.2.6.3 Page Identification UI-TLV 

The Page Identification UI-TLV is used by the USAT Interpreter to identify the page which shall be executed after an 
event occurs. 

Coding: According to TS 31.113 [2]. 

6.1.2.6.4 Possible errors 



Error Code 




No error 


OK 


Reference to undefined 


Page referenced not found. 


Not enough memory, 
additional information: 
Remaining memory 


Not enough memory to store the event. Available memory 
indicated. 



6.1.2.7 Remove Event 

This command removes an event from the current event list 



Coding of the Remove Event command: 



Length 


Value 


Description 


M/O 


1 


'68' 


Remove Event UI-TLV tag 


M 


1 


1 


Length 


M 


1 


Data 


Event Identifier, as specified in Install Event command 


M 



Possible errors: 
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error uoae 




No error 


OK 


No error, 

additional information result 
code: 

'6F05' reference to undefined 


Event Identifier not in current event list. 

For this case the USAT Interpreter shall not stop the 

execution of ADM request. Nevertheless this information shall 

be included in the response to the USAT Interpreter Gateway 

System. 



6.1 .2.8 Modify Environment Variable 

This command is used to modify the variables of the USIM issuer information partition. According to TS 31.113 [2] the 
variable IDs of this partition are in the range from '14' to '28'. The usage and the content of these variables are to be 
specified by the card issuer. 

If a variable to be set by this command does not exist, the variable shall be created by the USAT Interpreter. 

If a variable to be set by this command does exist already, the content provided by this command shall overwrite the 
previous content of the variable. 

If the Inline Value UI-TLV is not available in the Modify Environment Variable UI-TLV, the variable referenced by the 
Variable ID shall be removed by the USAT Interpreter. If the referenced variable to be removed does not exist, no error 
shall be generated by the USAT Interpreter. 



6.1 .2.8.1 Coding of the Modify Environment Variable command 



Length 


Value 


Description 


M/O 


1 


'69' 


Modify Environment Variable UI-TLV tag 


M 


1-3 


1+A 


Length 


M 


1 


Data 


Variable ID to store the content of the following Inline Value UI-TLV 


M 


A 


UI-TLV 


Inline Value containing the content for the variable 






6.1.2.8.2 Variable ID 

The Variable ID to be used to store the content of the corresponding Inline Value UI-TLV. 
The valid range is '14' to '28'. 

6.1.2.8.3 Inline Value UI-TLV 

The Inline Value UI-TLV contains the content to be stored into the variable. Variable references shall not be contained 
in this Inline Value UI-TLV. 

Coding: According to TS 31.113 [2]. 

6.1.2.8.4 Possible errors 



Error Code 




No error 


OK 


Reference to undefined 


The Variable ID is not in the specified range. 


Not enough memory, 
additional information: 
Remaining memory 


Not enough memory to store the variable. Available memory 
indicated. 



6.1.2.9 Modify Wait State Message 

This command is used to modify the default message to be shown during Wait State by the USAT Interpreter. 
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6.1 .2.9.1 Coding of the Modify Wait State Message command 



Length 


Value 


Description 


M/O 


1 


'6A' 


Modify Wait State Message UI-TLV tag 


M 


1-3 


A 


Length 


M 


A 


UI-TLV 


Inline Value containing the text for Wait State 


M 



6.1.2.9.2 Inline Value UI-TLV 

The Inline Value UI-TLV contains the text and the DCS information to be used for the Wait State message. Variable 
references shall not be contained in this Inline Value UI-TLV. 

Coding: According to TS 31.113 [2]. 

6.1.2.9.3 Possible errors 



Error Code 




No error 


OK 


Not enough memory, 
additional information: 
Remaining memory 


Not enough memory to store the text. Available memory 
indicated. 



6.1 .2.1 Modify Configuration Data 

This command is used to modify the configuration data for a specific TAR value in the Push Operational or Pull 
Operational mode. 



6.1 .2.1 0.1 Coding of the Modify Configuration command 



Length 


Value 


Description 


M/O 


1 


'6B' 


Modify Configuration Data UI-TLV tag 


M 


1-3 


3+A 


Length 


M 


3 


Data 


TAR Value of configuration to be changed 


M 


A 


UI-TLV 


Parameter List 


M 



6.1.2.10.2 TAR Value 

This TAR value identifies the operational mode configuration to be modified. If the addressed operational configuration 
does not exist, the operational configuration shall be created and stored by the USAT Interpreter. 

6.1.2.10.3 Parameter List 

This UI-TLV contains the parameters to be created or modified by this command. 



Coding of the Parameter List UI-TLV: 



Length 


Value 


Description 


M/O 


1 


'44' 


Parameter List UI-TLV tag 


M 


1-3 


A+ ... +Y 


Length 


M 


A 


Data 


Parameter 1 : coded as Index-Length-Value 


O 










Y 


Data 


Parameter n: coded as Index-Length-Value 


O 
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General coding of parameters: 



Length 


Entry 


Description 


M/O 


1 


Index 


One byte index value to identify the parameter 
Index value ranges: 

'00' - 'BF' reserved for usage in the present document 
'CO' - 'FF' for proprietary use 


M 


1-3 


A 


Length coded according to the length coding rules for UI-TLVs 


M 


A 


Data 


Parameter data, coding according to the table below. 


M 



Coding of the configuration parameters: 

6.1 .2.1 0.3.1 Parameter: 23.048 Counter Ul terminated 

Description: see clause 5.3.1.1. 



Length 


Value 


Description 


M/O 


1 


■or 


Index value for 23.048 Counter Ul terminated 


M 


1 


5 


Length of counter 


M 


5 


Data 


5 bytes, interpreted as a 40 bit binary value. The leftmost bit is the 
most significant bit. The leftmost byte is the most significant byte. 


M 



6.1 .2.1 0.3.2 Parameter: 23.048 Counter Ul originated 



Description: see clause 5.3.1.1. 



Length 


Value 


Description 


M/O 


1 


'02' 


Index value for 23.048 Counter Ul originated 


M 


1 


5 


Length of counter 


M 


5 


Data 


5 bytes, interpreted as a 40 bit binary value. The leftmost bit is the 
most significant bit. The leftmost byte is the most significant byte. 


M 



6.1 .2.1 0.3.3 Parameter: 23.048 Klc Keys 

Description: see clause 5.3.1.1. 

This parameter contains a list of up to 16 Klc keys. Each Klc key is specified by a Klc index value, the key value length 
and the key value itself. The length of the key value depends on the algorithm chosen for Klc. E.g. for DES, the key 
value would have a length of 8 bytes, for 3DES, the key value would have a length of 16 or 24 bytes, depending if 
3DES is used in 2 key or 3 key mode. 



Length 


Value 


Description 


M/O 


1 


'03' 


Index value for 23.048 Klc keys 


M 


1-3 


1+A+B+ ... 
+1+X+Y 


Length 


M 


1 


Data 


Klc Index coded as binary value in the range from '00' to 'OF' 


M 


A(1-3) 


Data 


Klc key length in bytes, coded according to the length coding rules for 
UI-TLVs 


M 


B 


Data 


Klc key, binary data, coded according to the requirements of the 
intended Klc algorithm. 


M 










1 


Data 


Klc Index coded as binary value in the range from '00' to 'OF' 


O 


X(1-3) 


Data 


Klc key length in bytes, coded according to the length coding rules for 
UI-TLVs 


O 


Y 


Data 


Klc key, binary data, coded according to the requirements of the 
intended Klc algorithm. 


O 



6.1 .2.1 0.3.4 Parameter: 23.048 KID Keys 

Description: see clause 5.3.1.1. 
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This parameter contains a list of up to 16 KID keys. Each KID key is specified by a KID index value, the key value 
length and the key value itself. The length of the key value depends on the algorithm chosen for KID. E.g. for DES, the 
key value would have a length of 8 bytes, for 3DES, the key value would have a length of 16 or 24 bytes, depending if 
3DES is used in 2 key or 3 key mode. 



Length 


Value 


Description 


M/O 


1 


'04' 


Index value for 23.048 KID keys 


M 


1-3 


1+A+B+ ... 
+ 1 +X+Y 


Length 


M 


1 


Data 


KID Index coded as binary value in the range from '00' to 'OF' 


M 


A(1-3) 


Data 


KID key length in bytes, coded according to the length coding rules 
for UI-TLVs 


M 


B 


Data 


KID key, binary data, coded according to the requirements of the 
intended Klc algorithm. 


M 










1 


Data 


KID Index coded as binary value in the range from '00' to 'OF' 


O 


X(1-3) 


Data 


KID key length in bytes, coded according to the length coding rules 
for UI-TLVs 


O 


Y 


Data 


KID key, binary data, coded according to the requirements of the 
intended KID algorithm. 


O 



6.1 .2.1 0.3.5 Parameter: SPI, Klc and KID bytes to be used for Ul originated messages 



Description: see clause 5.3.1.1. 



Length 


Value 


Description 


M/O 


1 


'05' 


Index value for SPI, Klc and KID to be used for Ul originated 
messages 


M 




4 


Length 


M 




Data 


First byte of SPI as specified in TS 23.048 [3] 


M 




Data 


Second byte of SPI as specified in TS 23.048 [3] 


M 




Data 


Klc byte as specified in TS 23.048 [3] 


M 




Data 


KID byte as specified in TS 23.048 [3] 


M 



6.1 .2.1 0.3.6 Parameter: SPI, Klc and KID list to be checked for Ul terminated messages 

Description: see clause 5.3.1.1. 



The number of list entries is limited to 16. 



Length 


Value 


Description 


M/O 


1 


'06' 


Index value for SPI, Klc and KID list to be checked for Ul terminated 
messages 


M 


1 


3 + ... + 3 


Length 


M 


1 


Data 


First byte of SPI as specified in TS 23.048 [3] 


M 


1 


Data 


Klc byte as specified in TS 23.048 [3], only the least significant nibble 
is relevant 


M 


1 


Data 


KID byte as specified in TS 23.048 [3], only the least significant 
nibble is relevant 


M 










1 


Data 


First byte of SPI as specified in TS 23.048 [3] 


O 


1 


Data 


Klc byte as specified in TS 23.048 [3], only the least significant nibble 
is relevant 


O 


1 


Data 


KID byte as specified in TS 23.048 [3], only the least significant 
nibble is relevant 


O 



6.1 .2.1 0.3.7 Parameter: USAT command list 

Description: see clause 5.3.1.1. 
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Length 


Value 


Description 


M/O 


1 


'07' 


Index value for USAT command list 


M 


1 


l_ A 


Length (1-32) 


M 


A 


Data 


USAT Command list bytes. Coding see below. 


M 



The coding of the USAT Command list is linked with the table in chapter "Type of command and next action indicator" 
of TS 31.111 [4]. For each possible value in that table one bit is assigned in the coding of the USAT Command list. 
Therefore the maximum length of the USAT command list is 32 bytes. If the USAT Command list is coded in less than 
32 bytes, the missing bytes are assumed to have the value '00', indicating, that the corresponding USAT Commands are 
not allowed. 

bl of byte 1 of the USAT Command list shall be handled differently from the remaining bits and bytes of the USAT 
Command list: 

If bl of byte 1 is then the USAT Command list shall be interpreted as specified below. If bl of byte 1 is 1 then the 
USAT Interpreter shall allow the execution of all USAT Commands and all the remaining bits in the USAT Command 
list shall be ignored by the USAT Interpreter. 

Byte 1 of USAT Command list: 



b8 


b7 


b6 


b5 


b4 


b3 


b2 


b1 



0: command list as indicated 

1 : all commands allowed, command list ignored 

linked to '01' (REFRESH) 

linked to '02' (MORE TIME) 

linked to '03' (POLL INTERVALL) 

linked to '04' (POLLING OFF) 

linked to '05' (SETUP EVENT LIST) 

linked to '06' (currently not used by TS 31.111 [4]) 

linked to '07' (currently not used by TS 31.111 [4]) 



Byte 2 of USAT Command list: 



b8 


b7 


b6 


b5 


b4 


b3 


b2 


b1 



linked to '08' (currently not used by TS 31.111 [4]) 
linked to '09' (currently not used by TS 31.111 [4]) 
linked to 'OA (currently not used by TS 31.111 [4]) 
linked to '0B' (currently not used by TS 31.111 [4]) 
linked to '0C (currently not used by TS 31.111 [4]) 
linked to '0D' (currently not used by TS 31.111 [4]) 
linked to '0E' (currently not used by TS 31.111 [4]) 
linked to 'OF' (currently not used by TS 31.111 [4]) 



• • • 

Byte 32 of USAT Command list: 
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b8 


b7 


b6 


b5 


b4 


b3 


b2 


b1 



■ linked to 'F8' (currently not used by TS 31 .1 1 1 [4]) 

■ linked to 'F9' (currently not used by TS 31 .1 1 1 [4]) 

■ linked to 'FA' (currently not used by TS 31 .1 1 1 [4]) 

■ linked to 'FB' (currently not used by TS 31 .1 1 1 [4]) 

■ linked to 'FC (currently not used by TS 31 .1 1 1 [4]) 

■ linked to 'FD' (currently not used by TS 31 .1 1 1 [4]) 

■ linked to 'FE' (currently not used by TS 31 .1 1 1 [4]) 

■ linked to 'FF' (currently not used by TS 31 .1 1 1 [4]) 



6.1 .2.10.3.8 Parameter: USAT Interpreter byte code list 

Description: see clause 5.3.1.1. 



Length 


Value 


Description 


M/O 


1 


'08' 


Index value for USAT Interpreter byte code list 


M 


1 


A 


Length (1-4) 


M 


A 


Data 


USAT byte code list. Coding see below. 


M 



The coding of the USAT Interpreter byte code list is linked with the table in chapter "Tag Values" of TS 31.113 [2] . For 
each possible value in the range of '40' to '5F' in that table one bit is assigned in the coding of the USAT Interpreter byte 
code list. Therefore the maximum length of the USAT Interpreter byte code list is 4 bytes. If the USAT Interpreter byte 
code list is coded in less than 4 bytes, the missing bytes are assumed to have the value '00', indicating, that the 
corresponding USAT Interpreter commands are not allowed. 

Byte 1 of USAT Interpreter byte code list: 



b8 


b7 


b6 


b5 


b4 


b3 


b2 


b1 



■linked to tag '40' (Set Variable) 

■linked to tag '41' (Assign and Branch) 

■linked to tag '42' (Extract) 

■linked to tag '43' (Go Back) 

■linked to tag '44' (Branch on Variable Value) 

-linked to tag '45' (Exit) 

-linked to tag '46' (Execute USAT Command) 

-linked to tag '47' (Execute Native Command) 



Byte 4 of USAT Interpreter byte code list: 
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b8 


b7 


b6 


b5 


b4 


b3 


b2 


b1 



linked to tag '58' (currently not used by TS 31.1 13 [2]) 
linked to tag '59' (currently not used by TS 31.1 13 [2]) 
linked to tag '5A' (currently not used by TS 31 .1 13 [2]) 
linked to tag '5B' (currently not used by TS 31.113 [2]) 
linked to tag '5C (currently not used by TS 31 .1 13 [2]) 
linked to tag '5D' (currently not used by TS 31 .1 13 [2]) 
linked to tag '5E' (currently not used by TS 31.113 [2]) 
linked to tag '57' (currently not used by TS 31.1 13 [2]) 



6.1 .2.1 0.3.9 Parameter: Linked Pull TAR 



Description: see clause 5.3.1.1. 



Length 


Value 


Description 


M/O 


1 


'09' 


Index value for Linked Pull TAR 


M 


1 


3 


Length 


M 


3 


Data 


TAR value of Operational Pull Configuration Set 


M 



6.1.2.10.3.10 Parameter: Indication to a bearer specific data set 



Description: see clause 5.3.1.1. 



Length 


Value 


Description 


M/O 


1 


'OA 


Index value for Bearer Specific Data Set 


M 


1 


1 


Length 


M 


1 


Data 


Bearer specific data set index. Coding: One byte binary value in the 
range '00' to 'FF. 


M 



6.1.2.10.4 Possible errors 



Error Code 




No error 


OK 


Bad TAR value 


Provided TAR value is not in the range defined for the 
configurations of one of the operational configuration sets. 


Not enough memory, 
additional information: 
Remaining memory 


Not enough memory to create a new configuration or store 
data for an existing configuration. Available memory 
indicated. 



6.1.2.11 Modify Bearer Data 

This command is used to modify the configuration data for a specific bearer. Currently, only the SMS bearer is 
specified in the present document. 
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6.1 .2.1 1 .1 Coding of the Modify Bearer Data command 



Lengin 


Value 


Description 


IVI/tJ 


1 


bL> 


Modify Bearer Data Ul- 1 LV tag 


M 


1-3 


2+A 


Length 


M 


1 


Data 


Bearer specific data set index, binary value coded on 1 byte in the 
range '00' to 'FF'. 


M 


1 


Data 


Type of bearer; coding: 
'00': SMS-PP bearer 
'OI'-VF': RFU 
'80' - 'FF': proprietary use 


M 


A 


UI-TLV 


Parameter List 


M 



6.1.2.11.2 Bearer specific data set index 

This entry identifies the bearer specific data set to be modified. If the addressed bearer specific data set does not exist, 
the bearer specific data set shall be created and stored by the USAT Interpreter. 

6.1.2.11.3 Type of bearer 

This entry specifies the type of bearer for this bearer specific data set. The following list of parameters is to be 
interpreted according to this entry. 

6.1.2.11.4 Parameter List for SMS bearer 

This UI-TLV contains the SMS bearer parameters to be created or modified by this command. 

The type of bearer byte in the Modify Bearer Data UI-TLV shall be set to '00', indicating the SMS-PP bearer. 

Coding of the parameter list: See clause 6.1.2.10.3. 

Parameter: SMS Access Data 



This parameter specifies the SMS access data to be used by the USAT Interpreter for UI originated SMS to access the 
security node. 



Length 


Value 


Description 


M/O 


1 


'0B' 


Index value for SMS access data 


M 


1 


'1C 


Length 


M 


12 


Data 


TP-Destination Address 


M 


12 


Data 


TS-Service Centre Address 


M 


1 


Data 


TP-Protocol Identifier 


M 


1 


Data 


TP-Data Coding Scheme 


M 


1 


Data 


TP-Validity Period 


M 


1 


Data 


First byte of TPDU 


M 



Coding: 
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Field 


Contents 


Coding 


TP-Destination 
Address 


As defined for SM-TL address fields 
in TS 23.040 [6] 


Unused nibbles are set to 'F'. 


TS-Service Centre 
Address 


RP-Destination Address for the 
Service Centre as defined in TS 
24.011 [8] 


Unused nibbles are set to 'F'. 


TP-Protocol 
Identifier 


As defined in TS 23.040 [6] 




TP-Data Coding 
Scheme 


As defined in TS 23.038 [7J 




TP-Validity Period 


As defined in TS 23.040 [6] for the 
relative time format 




First Byte of TPDU 


As defined in TS 23.040 [6]; 
includes TP- MTI, TP-RD, TP-VPF, 
TP-RP, TP-UDHI and TP-SRR 


'51 ' if UDHI is set (standard) 
'11' if UDHI is not set 



6.1.2.11.5 Parameter List for other bearers 

This is for further study. 

6.1.2.11.6 Possible errors 



Error Code 




No error 


OK 


Not enough memory, 
additional information: 
Remaining memory 


Not enough memory to create a new data set or to store data 
for an existing data set. Available memory indicated. 



6.1.2.12 Install Plug-In 

This command is used to extend the functionality of the US AT Interpreter by installing plug-ins. It is strongly 
recommended, that the loaded code contains a strong authentication which should be checked by the US AT Interpreter 
in order to install and activate the plug-in. This authentication should verify the source of the code, not just the 
administration entity in the USAT Interpreter Gateway system sending the command. 

The usage and specification of that authentication is out of the scope of the present document. 

The handling of downloading plug-in code which exceeds the size of a single secured message (e.g. the USAT 
Interpreter System may not be able to handle single secured messages of arbitrary length) is out of the scope of he 
present document. The downloaded code may contain information to handle storage and concatenation of such 
messages. 

If a plug-in is installed successfully by the USAT Interpreter, the NCI value (see TS 31.113 [2]) shall be reflected in the 
USAT Interpreter system information variable '03' (USAT Interpreter native commands, see TS 31.1 13 [2]). 

If the NCI value given in the Install Plug-in command is already used by an installed plug-in, an error shall be 
generated. To overwrite an existing plug-in, the Remove Plug-in command shall be used first. 

Another mechanism for installing plug-in functionality may be used, namely the mechanism for application (e.g. applet) 
management as specified in TS 23.048 [3]. 



6.1 .2.1 2.1 Coding of the Install Plug-In command 



Length 


Value 


Description 


M/O 


1 


'6D' 


Install Plug-In UI-TLV tag 


M 


1-3 


2+A 


Length 


M 


2 


Data 


NCI value for the plug-in to be installed, see TS 31 .1 1 3 [2] 


M 


A 


UI-TLV 


Plug-in Installation Data 


M 
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6.1 .2.1 2.2 Plug-in Installation Data UI-TLV 

The Plug-in Installation Data UI-TLV contains the necessary information to make the plug-in available. The coding and 
contents of the value part of this UI-TLV is out of the scope of the present document. The value part may contain data 
to verify the source of the information and data to provide means to split the information necessary for the plug-in 
functionality to several Install Plug-In commands. 



Coding: 



Length 


Value 


Description 


M/O 


1 


'46' 


Plug-In Installation Data UI-TLV tag 


M 


1-3 


A 


Length 


M 


A 


Data 


Data representing the plug-in installation data 


M 



6.1.2.12.3 Possible errors 



Error Code 




No error 


OK 


NCI already in use 


The NCI value is already used by another plug-in 


Not enough memory, 
additional information: 
Remaining memory 


Not enough memory to the plug-in. Available memory 
indicated. 



6.1.2.13 Remove Plug-In 

This command is used to remove an existing Plug-In. 

Another mechanism for removing plug-in functionality may be used, namely the mechanism for application (e.g. 
applet) management as specified in TS 23.048 [3]. 



6.1 .2.1 3.1 Coding of the Remove Plug-In command 



Length 


Value 


Description 


M/O 


1 


'6E' 


Remove Plug-In UI-TLV tag 


M 


1 


2 


Length 


M 


2 


Data 


NCI value for the plug-in to be removed 


M 



6.1.2.13.2 Possible errors 



Error Code 




No error 


OK 


No error, 

additional information 
result code: 

'6F05' reference to undefined 


Plug-in with given NCI value not found. 

For this case the USAT Interpreter shall not stop the 

execution of ADM request. Nevertheless this information shall 

be included in the response to the USAT Interpreter Gateway 

System. 



6.2 ADM Response 

The USAT Interpreter shall generate an ADM Response UI-TLV contained in an UIO BER-TLV for Administration 
Messages and shall send this message back to the USAT Interpreter Gateway System. See clauses 5.4.2 and 5.3.1.4. 

The ADM Response contains the list of results of each command executed within the ADM Request in the order given 
in the ADM Request. 

The USAT Interpreter shall generate an ADM Response UI-TLV after execution of the command list. 
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If an error occurs during the execution of the ADM commands no further ADM commands of that ADM Request are 
executed. Nevertheless the ADM Response shall be sent. 

For some results additional information shall be provided by the USAT Interpreter according to clause 6.3. 



6.2.1 ADM Response Structure 



Length 


Value 


Description 


M/O 


1 


'61' 


ADM Response UI-TLV tag 


M 


1-3 


A+...+X 


Length 


M 


A 


UI-TLV 


ADM Result 1 


M 










X 


UI-TLV 


ADM Result n 






The ADM results shall be given in the order of the corresponding ADM commands. 



6.2.2 ADM Result UI-TLV 



Length 


Value 


Description 


M/O 


1 


'45' 


ADM Result UI-TLV tag 


M 


1-3 


2+A 


Length 


M 


2 


Data 


Result code, binary coded in 2 bytes, according to clause 6.3 


M 


A 


Data 


Additional information depending on the result code, according to 
clause 6.3 






6.3 Error coding 

For the indication of errors occurring during execution of administration commands, error codes listed in the following 
table shall be used by the USAT Interpreter. 



Type of error 


Coding 


Additional information 
(for ADM Responses only) 


No error 


'0000' 


'XXXX' 

result code as specified for some ADM 
commands 


Problem in memory management 


'6F03' 




Security problem 


'6F04' 




Reference to undefined 


'6F05' 




USAT administration command not allowed 


'6F0A 




Modify configuration not allowed 


'6F0B' 




Not enough memory 


'6F20' 


'XXXX' 

Memory available binary coded in 2 bytes 


Administration command not known 


'6F21' 




Configuration not available 


'6F22' 




Bad TAR value 


'6F23' 




NCI value already in use 


'6F24' 
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7 Used tag values 
7.1 BER-TLV tag values 



Description 


Value 


UIO Pull Request BER-TLV 


'CO' 


UIO Administration Message BER-TLV 


■cr 


GO Pull Response BER-TLV 


'C2' 


GO Push BER-TLV 


'C3' 


GO Administration Message BER-TLV 


'C4' 


UI-TLV tag values 


Description 


Value 


Reserved for data structures in TS 31 .1 13 [2] 


'01' to '3F' 


RequestID UI-TLV tag 


'40' 


Additional Information UI-TLV tag 


'41' 


TAR Value UI-TLV 


'42' 


Icon Identifier UI-TLV 


'43' 


Parameter List UI-TLV 


'44' 


ADM Result UI-TLV 


'45' 


Plug-In Installation Data UI-TLV 


'46' 


RFU for data structures specified in the present document 


'47' to '5F' 






ADM Request UI-TLV 


'60' / 'E0' 


ADM Response UI-TLV 


'61' 


Install Page UI-TLV 


'62' / 'E2' 


Remove Page UI-TLV 


'63' / 'E3' 


Configure Ul Entering Menu Title UI-TLV 


'64' 


Configure Menu Text for Page UI-TLV 


'65' 


Remove Menu Text for Page UI-TLV 


'66' 


Install Event UI-TLV 


'67' 


Remove Event UI-TLV 


'68' 


Modify Environment Variable UI-TLV 


'69' 


Modify Wait State Message UI-TLV 


'6A' 


Modify Configuration Data UI-TLV 


'6B' 


Modify Bearer Data UI-TLV 


'6C 


Install Plug-In UI-TLV 


'6D' 


Remove Plug-In UI-TLV 


'6E' 


RFU for commands specified in the present document 


'6F' to '7F' 
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Annex A (informative): 
Change history 



The table below indicates all change requests that have been incorporated into the present document since it was 
initially approved by 3GPP TSG-T. 



Change history 


Date 


TSG# 


TSG Doc. 


CR 


Rev 


Cat 


Subject/Comment 


Old 


New 


2002-03 


TP-15 


TP-020077 








Version 2.0.0 was approved at TSG-T #1 5 


2.0.0 


5.0.0 


2002-06 


TP-16 


TP-020116 


001 




F 


Clarification on the USAT Interpreter behaviour if the 
indicated access mode of a gateway originated 
message does not match with the tag in transport 
layer 


5.0.0 


5.1.0 


002 




C 


Proof of Receipt management modification 
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